Isometry groups of Lorentzian manifolds of finite volume and The local geometry of compact homogeneous Lorentz spaces

Based on the work of Adams and Stuck as well as on the work of Zeghib, we classify the Lie groups which can act isometrically and locally effectively on Lorentzian manifolds of finite volume. In the case that the corresponding Lie algebra contains a direct summand isomorphic to the two-dimensional special linear algebra or to a twisted Heisenberg algebra, we also describe the geometric structure of the manifolds if they are compact. Using these results, we investigate the local geometry of compact homogeneous Lorentz spaces whose isometry groups have non-compact connected components. It turns out that they all are reductive. We investigate the isotropy representation, curvatures and holonomy. Especially, we obtain that any Ricci-flat compact homogeneous Lorentz space is flat or has compact isometry group.Comment: 130 page

The convergence of discrete period matrices

We study compact polyhedral surfaces as Riemann surfaces and their discrete counterparts obtained through quadrilateral cellular decompositions and a linear discretization of the Cauchy-Riemann equation. By ensuring uniformly bounded interior and intersection angles of diagonals, we establish the convergence of discrete Dirichlet energies of discrete harmonic differentials with equal black and white periods to the Dirichlet energy of the corresponding continuous harmonic differential with the same periods. This convergence also extends to the discrete period matrix, with a description of the blocks of the complete discrete period matrix in the limit. Moreover, when the quadrilaterals have orthogonal diagonals, we observe convergence of discrete Abelian integrals of the first kind. Adapting the quadrangulations around conical singularities allows us to improve the convergence rate to a linear function of the maximum edge length.Comment: 33 pages, 3 figure

Balancing climate goals and biodiversity protection: legal implications of the 30x30 target for land-based carbon removal

This article examines the legal conflicts between land-based carbon dioxide removal (CDR) strategies and the establishment of protected areas through the lens of international environmental law. We argue that the 2022 Global Biodiversity Framework's “30x30” target—which aims to protect 30% of global terrestrial and marine areas by 2030—constitutes a “subsequent agreement” under international law and thus clarifies the legal scope and content of the obligation to establish protected areas under Article 8 of the Convention on Biological Diversity (CBD). Since states have pledged 120 million square kilometers for land-based CDR, these commitments potentially conflict with the “30x30” target, especially if global cropland for food production is to be maintained. Consequently, some land-based CDR strategies may directly or indirectly impede the achievement of the “30x30” target, which could be deemed inconsistent with international law. However, as all international environmental law operates in a continuum, this does not imply that land-based CDR should be categorically ruled out. Rather, states should focus on emission reductions and implementing CDR options that provide the most co-benefits to climate mitigation and biodiversity protection efforts

Seasonal Credit Constraints and Agricultural Labor Supply: Evidence from Zambia

Small-scale farming remains the primary source of income for a majority of the population in developing countries. While most farmers primarily work on their own fields, off-farm labor is common among small-scale farmers. A growing literature suggests that off-farm labor is not the result of optimal labor allocation, but is instead driven by households' inability to cover short-term consumption needs with savings or credit. We conduct a field experiment in rural Zambia to investigate the relationship between credit availability and rural labor supply. We find that providing households with access to credit during the growing season substantially alters the allocation of household labor, with households in villages randomly selected for a loan program selling on average 25 percent less off-farm labor. We also find that increased credit availability is associated with higher consumption and increases in local farming wages. Our results suggest that a substantial fraction of rural labor supply is driven by short-term constraints, and that access to credit markets may improve the efficiency of labor allocation overall

Modeling Advanced Security Aspects of Key Exchange and Secure Channel Protocols

Secure communication has become an essential ingredient of our daily life. Mostly unnoticed, cryptography is protecting our interactions today when we read emails or do banking over the Internet, withdraw cash at an ATM, or chat with friends on our smartphone. Security in such communication is enabled through two components. First, two parties that wish to communicate securely engage in a key exchange protocol in order to establish a shared secret key known only to them. The established key is then used in a follow-up secure channel protocol in order to protect the actual data communicated against eavesdropping or malicious modification on the way. In modern cryptography, security is formalized through abstract mathematical security models which describe the considered class of attacks a cryptographic system is supposed to withstand. Such models enable formal reasoning that no attacker can, in reasonable time, break the security of a system assuming the security of its underlying building blocks or that certain mathematical problems are hard to solve. Given that the assumptions made are valid, security proofs in that sense hence rule out a certain class of attackers with well-defined capabilities. In order for such results to be meaningful for the actually deployed cryptographic systems, it is of utmost importance that security models capture the system's behavior and threats faced in that 'real world' as accurately as possible, yet not be overly demanding in order to still allow for efficient constructions. If a security model fails to capture a realistic attack in practice, such an attack remains viable on a cryptographic system despite a proof of security in that model, at worst voiding the system's overall practical security. In this thesis, we reconsider the established security models for key exchange and secure channel protocols. To this end, we study novel and advanced security aspects that have been introduced in recent designs of some of the most important security protocols deployed, or that escaped a formal treatment so far. We introduce enhanced security models in order to capture these advanced aspects and apply them to analyze the security of major practical key exchange and secure channel protocols, either directly or through comparatively close generic protocol designs. Key exchange protocols have so far always been understood as establishing a single secret key, and then terminating their operation. This changed in recent practical designs, specifically of Google's QUIC ("Quick UDP Internet Connections") protocol and the upcoming version 1.3 of the Transport Layer Security (TLS) protocol, the latter being the de-facto standard for security protocols. Both protocols derive multiple keys in what we formalize in this thesis as a multi-stage key exchange (MSKE) protocol, with the derived keys potentially depending on each other and differing in cryptographic strength. Our MSKE security model allows us to capture such dependencies and differences between all keys established in a single framework. In this thesis, we apply our model to assess the security of both the QUIC and the TLS 1.3 key exchange design. For QUIC, we are able to confirm the intended overall security but at the same time highlight an undesirable dependency between the two keys QUIC derives. For TLS 1.3, we begin by analyzing the main key exchange mode as well as a reduced resumption mode. Our analysis attests that TLS 1.3 achieves strong security for all keys derived without undesired dependencies, in particular confirming several of this new TLS version's design goals. We then also compare the QUIC and TLS 1.3 designs with respect to a novel 'zero round-trip time' key exchange mode establishing an initial key with minimal latency, studying how differences in these designs affect the achievable key exchange security. As this thesis' last contribution in the realm of key exchange, we formalize the notion of key confirmation which ensures one party in a key exchange execution that the other party indeed holds the same key. Despite being frequently mentioned in practical protocol specifications, key confirmation was never comprehensively treated so far. In particular, our formalization exposes an inherent, slight difference in the confirmation guarantees both communication partners can obtain and enables us to analyze the key confirmation properties of TLS 1.3. Secure channels have so far been modeled as protecting a sequence of distinct messages using a single secret key. Our first contribution in the realm of channels originates from the observation that, in practice, secure channel protocols like TLS actually do not allow an application to transmit distinct, or atomic, messages. Instead, they provide applications with a streaming interface to transmit a stream of bits without any inherent demarcation of individual messages. Necessarily, the security guarantees of such an interface differ significantly from those considered in cryptographic models so far. In particular, messages may be fragmented in transport, and the recipient may obtain the sent stream in a different fragmentation, which has in the past led to confusion and practical attacks on major application protocol implementations. In this thesis, we formalize such stream-based channels and introduce corresponding security notions of confidentiality and integrity capturing the inherently increased complexity. We then present a generic construction of a stream-based channel based on authenticated encryption with associated data (AEAD) that achieves the strongest security notions in our model and serves as validation of the similar TLS channel design. We also study the security of such applications whose messages are inherently atomic and which need to safely transport these messages over a streaming, i.e., possibly fragmenting, channel. Formalizing the desired security properties in terms of confidentiality and integrity in such a setting, we investigate and confirm the security of the widely adopted approach to encode the application's messages into the continuous data stream. Finally, we study a novel paradigm employed in the TLS 1.3 channel design, namely to update the keys used to secure a channel during that channel's lifetime in order to strengthen its security. We propose and formalize the notion of multi-key channels deploying such sequences of keys and capture their advanced security properties in a hierarchical framework of confidentiality and integrity notions. We show that our hierarchy of notions naturally connects to the established notions for single-key channels and instantiate its strongest security notions with a generic AEAD-based construction. Being comparatively close to the TLS 1.3 channel protocol, our construction furthermore enables a comparative design discussion